DEBIAN-CVE-2023-53163

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53163

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53163.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53163

Upstream

CVE-2023-53163

Published

2025-09-15T14:15:37.983Z

Modified

2025-11-25T11:15:37.509502Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: don't hold nilock when calling truncatesetsize() syzbot is reporting hung task at douseraddrfault() [1], for there is a silent deadlock between PGlocked bit and nilock lock. Since filemapupdatepage() calls filemapreadfolio() after calling foliotrylock() which will set PGlocked bit, ntfstruncate() must not call truncatesetsize() which will wait for PGlocked bit to be cleared when holding ni_lock lock.

References

https://security-tracker.debian.org/tracker/CVE-2023-53163

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}